CVE-2019-18796

Published: Oct 16, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Denial of Service vulnerability (infinite loop) via a crafted .mp3 file. This weakness could allow attackers to consume excessive CPU and the application becomes unresponsive.

Affected (1)

Products: Un4seen: Bass

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Un4seen Bass	Up to 2.4.14.1

Related CWEs

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (4)

http://www.un4seen.com/

Source: cve@mitre.org

Vendor Advisory

https://github.com/staufnic/CVE/tree/master/CVE-2019-18796

Source: cve@mitre.org

Third Party Advisory

http://www.un4seen.com/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://github.com/staufnic/CVE/tree/master/CVE-2019-18796

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.